The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by their inclusion in this section.
A majority of businesses and other organizations today rely on computer systems and networks for an increasingly wide variety of business operations. As reliance on computing technologies has grown, so too has the importance of securing computer systems and networks against internal and external security threats. However, the breadth and complexity of security threats targeting such computer systems and networks are vast and ever growing. To monitor and address these security threats, organizations increasingly rely on sophisticated computer security applications and hardware such as firewalls, anti-virus tools, data loss prevention (DLP) software, etc.
Existing security applications often rely on security threat libraries to detect potential occurrences of computing device and network security threats. These threat libraries often contain a comprehensive set of security threat signatures that can be used to identify a wide range of known security threats. At a high level, a threat signature typically includes a pattern against which computer and network activity can be compared to identify potential occurrences of malware, viruses, network intrusion attempts, and other types of security threats. For example, network traffic, log data, and other computer-related activity can be analyzed using regular expression matching or other techniques to compare the activity against a library of security threat signatures, and to flag particular activity when one or more security threat signatures are matched.
Many existing security applications aggregate computer security threat libraries to enable detection of as wide a range of security threats as possible. However, as the number of security threat signatures associated with these libraries increases, so too does the computational complexity of checking a potentially vast amount of network traffic and other computer activity-related data for the existence of data matching one or more of the signatures. Furthermore, many signatures of a comprehensive signature library might not be relevant to all types of computing devices and computing environments.
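The following added example, which is not part of the original text, illustrates the regular expression matching described above and the way the number of pattern evaluations grows with library size. The signature identifiers, patterns, log lines, and the per-signature platform tag are all constructed for illustration; the platform tag is an assumed piece of metadata, not something this section defines.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sig_id: str            # constructed identifier
    pattern: re.Pattern    # pattern compared against activity data
    platforms: frozenset   # assumed metadata: device types the signature applies to

# Constructed signature library (illustrative patterns only).
LIBRARY = [
    Signature("SIG-001", re.compile(r"Failed password for (invalid user )?\S+ from \S+"),
              frozenset({"linux"})),
    Signature("SIG-002", re.compile(r"EventID=4625\b"), frozenset({"windows"})),
    Signature("SIG-003", re.compile(r"union\s+select", re.IGNORECASE),
              frozenset({"linux", "windows"})),
    Signature("SIG-004", re.compile(r"EventID=1102\b"), frozenset({"windows"})),
]

# Constructed log lines collected from a single Linux host.
LINUX_LOG = [
    "sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 52100 ssh2",
    "nginx: GET /item?id=1 UNION SELECT name FROM users HTTP/1.1",
    "cron[102]: (root) CMD (run-parts /etc/cron.hourly)",
]

def scan(lines, signatures):
    """Compare every line against every signature.

    Returns (hits, evaluations): hits is a list of (line_index, sig_id),
    evaluations is the number of pattern comparisons performed.
    """
    hits, evaluations = [], 0
    for index, line in enumerate(lines):
        for sig in signatures:
            evaluations += 1
            if sig.pattern.search(line):
                hits.append((index, sig.sig_id))
    return hits, evaluations

def relevant(signatures, platform):
    """Keep only signatures tagged as applicable to the given platform."""
    return [sig for sig in signatures if platform in sig.platforms]

if __name__ == "__main__":
    print("full library:  ", scan(LINUX_LOG, LIBRARY))
    print("linux-relevant:", scan(LINUX_LOG, relevant(LIBRARY, "linux")))
```

With the full library the work is the number of lines multiplied by the number of signatures; on this Linux log the Windows-only signatures account for half of the comparisons and can never match.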